Continuous Monitoring

Enterprise Risk Management, Security Operations Support, and Security Risk Intelligence Managed Service

Maintaining situational awareness of the risks posed to an organization can seem like an insurmountable task. The complexity is magnified given the amount of data that needs to be sifted through for a typical organization with industry standard security technologies in place. Furthermore, with the ever-changing threat landscape and the advancement in exploitation vectors, it is becoming increasingly difficult to anticipate the next threat and proactively respond should a breach occur.

With an effective security program, a security architecture that is matched to the known threats and risks to the organization, and the appropriate detective and preventative controls (including personnel resources), an organization has the tools necessary to maintain a vigilant watch for indications and warnings of an impending or occurring attack. Additionally, with an incident response capability coupled with an enterprise risk management program and security configuration management, an organization can quickly respond to an attack and update the security configuration baseline so that the organization is no longer vulnerable to the attack vector, or the likelihood of subsequent exploitation has been minimized to an acceptable level.

When operating in a proactive capacity, an organization can continuously monitor and assess the effectiveness of the implemented control baseline, conduct risk assessments to better understand the overall impact to the enterprise, prioritize remediation activities based upon risk assessment results, and remediate identified issues.

SecureForce has built and trained the teams, developed the policies and procedures, and evaluated, deployed and integrated the technologies that provide the necessary automation for a continuous monitoring capability for several customer organizations.

Enterprise Risk Management

Integrating risk management into a continuous monitoring capability is essential to making risk-based decisions using accurate, current and relevant information. Given the speed, volume and complexity of the data needed to be collected and analyzed, the key to successful integration of risk management is the implementation of an automated governance framework. This automated governance framework can be implemented through the deployment of IT Governance, Risk and Compliance (IT-GRC) technologies.

SecureForce has deployed and integrated IT-GRC technologies for several organizations, ultimately providing compliance automation and enterprise risk management capabilities that deliver the necessary governance for continuous monitoring programs. Automated data collection and analysis capabilities yield a force multiplier that drastically reduces the level of effort associated with compliance and enterprise risk management activities. Automated workflows accelerate the assessment process while also ensuring the process is consistent and repeatable, regardless of who conducts it. The ability to cross-correlate controls to multiple frameworks, vulnerabilities to controls, and controls to risks significantly reduces the time required for identification and analysis of risks while providing powerful reporting capabilities that present a holistic view of risks across the enterprise.

Security Operations

With the dynamic threats facing organizations today, the ability to provide relevant and timely security data to decision makers entails the collection and analysis of data in near real-time. Consistent and repeatable operational processes, specialized skills, and specialized detection and analysis technologies are necessary to contextually understand the impact of a threat and determine the most appropriate response. Collectively, the processes, personnel, and key technologies drive a security operations capability that supports continuous monitoring.

SecureForce security engineers have extensive experience designing and implementing the key technologies, developing consistent and repeatable processes, and supporting ongoing security operations activities. Our experience has taught us that focus on each technology and each process is essential to effectively supporting the demands of a near real-time security operations capability. This level of focus is achieved through the definition of task or mission-specific roles, the development of processes specific to these roles, and the completion of role-based training for personnel assigned to these roles.

While different technologies may be deployed and security operations billets may vary between organizations, we typically recommend establishing mission-specific roles within the following categories and functional areas:

  • Situational Awareness and Security Impact Analysis
  • Threat Analysis
  • Security Event Monitoring and Analysis
  • Vulnerability and Exploit Analysis
  • Incident Response and Remediation Support
  • Incident Handling
  • System and Network Forensics Analysis
  • Security Engineering

SecureForce Cyber Readiness Team

To augment the internal training our engineers receive, industry certification is included as part of professional development. In addition to vendor- and technology-specific certifications, SecureForce security engineers have earned the highest levels of security certifications, which demonstrate proficiency with testing activities as well as the ability to thoroughly understand the operating environment in order to perform the assessment effectively and efficiently while focusing assessment activities to meet organizational goals. These certifications include:

  • Certified Ethical Hacker (CEH)
  • Certified Penetration Tester (CPT)
  • Certified SCADA Security Architect (CSSA)
  • Certified Network Defense Architect (CNDA)
  • Certified Information Systems Auditor (CISA)
  • Certified Penetration Testing Specialist (CPTS)
  • Certified Information Systems Security Professional (CISSP)
  • Information Systems Security Engineering Professional (ISSEP)
  • Information Systems Security Architecture Professional (ISSAP)
  • National Security Agency Information Security Evaluation Methodology (NSA-IEM)
  • National Security Agency Information Security Assessment Methodology (NSA-IAM)

Many of our senior security engineers hold the Information System Security Engineering Professional (ISSEP) and Certified Authorization Professional (CAP) certifications, have provided security engineering support across the Systems Development Life Cycle (SDLC), and have led dozens of Security Authorization projects.
